<?php
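/*
 * Advert slot application page.
 *
 * Flow visible in this file:
 *   - refuse direct access (the framework function readover() must already be
 *     defined) and refuse guests;
 *   - load the advert module row `id` from pw_modules and require `ifhire`;
 *   - step == 2: validate days / title / link (and the image url for 'img'),
 *     check the credit balance, notify the configured operator(s) on a first
 *     application, then REPLACE the applicant's row in pw_buyadvert;
 *   - any other step: render the form, pre-filled from an existing application.
 *
 * NOTE(review): `cond && Showmsg(...)` is used as a terminating guard throughout;
 * every check below relies on Showmsg() never returning. Confirm against its definition.
 * NOTE(review): step 2 changes state and reads its parameters through 'GP'
 * (presumably GET or POST). No request-origin (CSRF) check is visible in this
 * file; confirm the including script performs one.
 */
!function_exists('readover') && exit('Forbidden');
$groupid == 'guest' && Showmsg('not_login');

// Third argument 2 presumably casts the values to integers; verify in InitGP().
InitGP(array('id','step'),'GP',2);

!$id && Showmsg('illegal_request');
$advertinfo = $db->get_one("SELECT * FROM pw_modules WHERE id=".pwEscape($id));
(!$advertinfo || !$advertinfo['ifhire']) && Showmsg('illegal_request');
// NOTE(review): unserialize() on a database column. PHP will instantiate any
// serialized object found there, so every writer of pw_modules.config has to
// be trusted. Confirm that only administrators can write this column.
$conf = unserialize($advertinfo['config']);
!in_array($conf['style'],array('txt','img','flash')) && Showmsg('illegal_request');
// Existing application by this user for this slot, if any.
$rt = $db->get_one("SELECT * FROM pw_buyadvert WHERE id=".pwEscape($id)." AND uid=".pwEscape($winduid));
// The duplicate-application guard below is disabled (and $query is never set in
// this file), so a second submission overwrites the first through REPLACE.
//$query && Showmsg('advert_have_buy');

if ($step == 2) {

	InitGP(array('days'),'GP',2);
	InitGP(array('link','title'));
	// Only a lower bound is enforced; no upper limit on days is visible here.
	$days < 1 && Showmsg('advert_days_error');

	require_once(R_P.'require/credit.php');
	// Balance check only: nothing in this file deducts credits.
	// NOTE(review): presumably the charge happens when the operator approves; confirm.
	if ($conf['price'] && $credit->get($winduid,$conf['creditype']) < $conf['price'] * $days) {
		Showmsg('advert_lack_credit');
	}
	// Undo the entity encoding of '=' and '&' so that query strings survive.
	$link = str_replace(array('&#61;','&amp;'),array('=','&'),$link);
	// strlen() counts bytes, so the 100 limit is a byte limit for multibyte titles.
	(strlen($title)>100 || strlen($link) > 100) && Showmsg('advert_length_error');
	$config = array();
	$config['days'] = $days;

	/*
	 * URL validation. The patterns whitelist the scheme, a host made of
	 * [.a-zA-Z0-9-], an optional port, and a path/query drawn from a fixed
	 * character class. That class contains no quote, angle bracket or
	 * whitespace, but it does contain the backslash. Besides http(s), the
	 * schemes ftp, telnet, mms and rtsp are accepted.
	 *
	 * The D modifier (PCRE_DOLLAR_ENDONLY) is required: without it `$` also
	 * matches just before a final newline, so a value ending in "\n" would
	 * pass the check and be stored.
	 */
	if ($conf['style'] == 'txt') {
		!$title && Showmsg('advert_title_empty');
		!preg_match('/^(http|ftp|https|telnet|mms|rtsp):\/\/([.a-zA-Z0-9-])+(:[0-9]+)*([+:%\/\?~=&;\\\(\),._a-zA-Z0-9-])*(#[.a-zA-Z0-9-])*$/isD',$link) && Showmsg('advert_link_error');
	} elseif ($conf['style'] == 'img') {
		!$title && Showmsg('advert_discrip_empty');
		InitGP(array('url'));
		$url = str_replace(array('&#61;','&amp;'),array('=','&'),Char_cv($url));
		strlen($url)>100 && Showmsg('advert_length_error');
		// The image URL must end in a known image extension. This constrains the
		// URL text only, not what the remote host actually serves.
		!preg_match('/^(http|ftp|https|telnet|mms|rtsp):\/\/([.a-zA-Z0-9-])+(:[0-9]+)*([+:%\/\?~=&;\\\(\),._a-zA-Z0-9-])*\.(gif|jpg|jpeg|png)$/isD',$url) && Showmsg('advert_img_error');
		!preg_match('/^(http|ftp|https|telnet|mms|rtsp):\/\/([.a-zA-Z0-9-])+(:[0-9]+)*([+:%\/\?~=&;\\\(\),._a-zA-Z0-9-])*(#[.a-zA-Z0-9-])*$/isD',$link) && Showmsg('advert_link_error');
		$config['url'] = $url;
	} elseif ($conf['style'] == 'flash') {
		!$title && Showmsg('advert_discrip_empty');
		// Unlike the 'txt' and 'img' branches, this pattern accepts no #fragment.
		!preg_match('/^(http|ftp|https|telnet|mms|rtsp):\/\/([.a-zA-Z0-9-])+(:[0-9]+)*([+:%\/\?~=&;\\\(\),._a-zA-Z0-9-])*$/isD',$link) && Showmsg('advert_link_error');
	} else {
		// Unreachable while the style whitelist near the top holds; kept as a backstop.
		Showmsg('illegal_request');
	}
	// Notify the operator(s) only for a first application, not when an existing one is edited.
	if (empty($rt) && $conf['operator']) {
		require_once(R_P.'require/msg.php');
		$message = array(
			// A single name is passed as a string, a comma-separated list as an array.
			'toUser'	=> strpos($conf['operator'],',') === false ? $conf['operator'] : explode(',',$conf['operator']),
			'subject'	=> 'advert_apply_title',
			'content'	=> 'advert_apply_content',
			'other'		=> array(
				'username'		=> $windid,
				'time'			=> get_date($timestamp),
				'days'			=> $days
			)
		);
		pwSendMsg($message);
	}
	$config['link']	 = $link;
	$config['title'] = $title;
	// NOTE(review): the serialized string is addslashes()'d here and then passed
	// through pwSqlSingle(). Whether that helper strips or re-escapes is not
	// visible in this file. Confirm the stored value is still valid serialized
	// data, because the form branch below unserializes it.
	// NOTE(review): $title is stored as received from InitGP(); any page that
	// displays it must escape it for HTML unless InitGP() already does. Verify.
	$config = addslashes(serialize($config));
	$db->query("REPLACE INTO pw_buyadvert SET " . pwSqlSingle(array(
		'id' => $id, 'uid'	=> $winduid, 'config' => $config
	)));
	Showmsg('advert_success');

} else {

	if ($rt) {
		// The payload was produced by serialize() in the step-2 branch from an
		// array of validated scalars.
		// NOTE(review): unserialize() will still instantiate objects if this
		// column is ever written by another code path or truncated; confirm
		// there is no other writer.
		$config = unserialize($rt['config']);
	} else {
		// Default shown in the form for a new application.
		$config = array('days' => 30);
	}
	$creditName = pwCreditNames($conf['creditype']);
	require_once PrintHack('index');
	ajax_footer();

}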
?>